[systemd-devel] systemd-homed: can't activate home
Lennart Poettering
lennart at poettering.net
Fri Sep 4 23:04:59 UTC 2020
On So, 30.08.20 12:23, Ehud Cseresnyes (ehud at posteo.de) wrote:
> Hey everyone,
>
> I'm running into issues regarding systemd-homed. I couldn't find an
> answer in the manuals, any forums and nobody could help me in #systemd
> either, which is why I turned to this list.
>
> Basically, I have a valid ehud.home file that uses LUKS as storage, to
> which I know the password. Due to some mistakes on my part, I
> deleted the ehud.identity file located in /var/lib/systemd/home/.

That shouldn't matter much, the data there is mostly redundant, it
just carries the binding of the home directory to the local host,
i.e. picks a UID for the account, manages login ratelimits and
such. If you remove it that stuff is flushed out but can be
regenerated from the account info inside the image.

> My question now is: Do I need that identity file to access my home
> again?
> I'm hoping no because of three things:
>
> - In the manual it says "The user's password is identical to the
> encryption passphrase of the LUKS2 volume."
> - When I try "homectl activate ehud", it asks for my password and in
> the logs it says: "systemd-homework[4855]: Provided password unlocks
> user record."

Yupp, so far all is good.

> - Afterwards, it says in the logs "Failed to validate disk label:
> Package not installed" (I couldn't figure out which package?) but
> nonetheless a new (to me fine-looking) ehud.identity file is placed in
> /var/lib/systemd/home/

So this happens if homed comes to the conclusion that the image file
is not in order, i.e. doesn't contain a single partition of partition
type 773f91ef-66d4-49b5-bd83-d683bf40ad16 that contains the LUKS2
encrypted home dir.

> This seems to align with my understanding that there's also an
> (encrypted) ~/.identity file in my (encrypted) home that can only be
> retrieved with the user password. Am I correct in this?

Yes.

> My issue is that the home cannot be mounted through homectl. It always
> asks for my password and then fails with "Operation on home ehud
> failed: Failed to execute operation: Package not installed".
> When I use a wrong password, it says password incorrect, so the
> password must be correct.
>
> I also tried mounting the .home file manually (as it appears to be a
> MBR) but had no success either.

That should just work. And no, it's not MBR. It's GPT. If it's indeed
MBR then something is seriously off, the volume you are looking at is
not the home loopback file!

> I am suspecting this issue has something to do with the signature of
> the identity file somehow? (Everything worked fine until I removed the
> identity file originally)

No, that throws a different error.

Are you sure you are looking at the right image? Maybe you are not
looking at the LUKS home volume but maybe at the block device it is
stored on or so?

Home directories managed by homed are files called /home/$USER.home,
they contain a GPT partition table with a single partition as
mentioned above, of partition type
773f91ef-66d4-49b5-bd83-d683bf40ad16, and with a LUKS2 volume
inside. That LUKS2 volume needs to carry some extra metadata in its
header (another encrypted copy of the user record), and inside of the
volume is the file system that contains your data.

Lennart

--
Lennart Poettering, Berlin
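
The layout described in the mail above (GPT, exactly one partition of type 773f91ef-66d4-49b5-bd83-d683bf40ad16, LUKS2 inside) can be checked offline on a copy of the image. The following is an added example, not part of the original mail and not systemd-homed's own code: check_home_image() and build_image() are hypothetical names, 512-byte sectors are assumed, and only the outer layout is inspected (no GPT CRCs, no user record inside the LUKS2 header).

```python
import struct
import uuid

SECTOR = 512  # assumption: 512-byte logical sectors
HOME_TYPE = uuid.UUID("773f91ef-66d4-49b5-bd83-d683bf40ad16")  # GUID quoted in the mail
LUKS_MAGIC = b"LUKS\xba\xbe"  # followed by a big-endian u16 version


def check_home_image(img: bytes) -> str:
    """Return 'ok' or the first reason the image does not match the layout."""
    hdr = img[SECTOR:SECTOR + 92]
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        return "no GPT header"
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    parts = []
    for i in range(count):
        ent = img[entries_lba * SECTOR + i * size:][:size]
        if len(ent) < 48:
            break
        type_guid = uuid.UUID(bytes_le=ent[:16])  # GPT GUIDs are mixed-endian
        if type_guid.int:  # all-zero type GUID marks an unused slot
            parts.append((type_guid, struct.unpack_from("<Q", ent, 32)[0]))
    if len(parts) != 1:
        return f"expected one partition, found {len(parts)}"
    type_guid, first_lba = parts[0]
    if type_guid != HOME_TYPE:
        return f"unexpected partition type {type_guid}"
    luks = img[first_lba * SECTOR:][:8]
    if len(luks) < 8 or luks[:6] != LUKS_MAGIC or luks[6:8] != b"\x00\x02":
        return "partition does not start with a LUKS2 header"
    return "ok"


def build_image(part_type: uuid.UUID, payload: bytes = LUKS_MAGIC + b"\x00\x02") -> bytes:
    """Constructed 4-sector sample: protective MBR, GPT header, one entry, payload."""
    img = bytearray(4 * SECTOR)
    img[510:512] = b"\x55\xaa"
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", img, SECTOR + 72, 2, 4, 128)  # entries at LBA 2
    img[2 * SECTOR:2 * SECTOR + 16] = part_type.bytes_le
    struct.pack_into("<QQ", img, 2 * SECTOR + 32, 3, 3)  # partition is LBA 3
    img[3 * SECTOR:3 * SECTOR + 8] = payload
    return bytes(img)


if __name__ == "__main__":
    linux_fs = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")  # generic Linux data
    print(check_home_image(build_image(HOME_TYPE)))
    print(check_home_image(build_image(linux_fs)))
    print(check_home_image(b"\x00" * 510 + b"\x55\xaa"))  # MBR signature only
```

For a real file, pass the first few MiB of the image read in binary mode rather than the whole file.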